如何从不同于其创建位置的计算机上的Azure Linux VM(kubernetes群集)获取凭据?
[英]How to get credentials from Azure Linux VM (kubernetes cluster) on machine different from where it was created?
问题描述
I need to gain access to Kubernetes cluster in Azure on a Windows Server 2016 machine. 
我需要访问Windows Server 2016计算机上Azure中的Kubernetes群集。 I did not create the cluster but I am assigned as Global Admin in the Azure Account. 我没有创建群集,但是在Azure帐户中被分配为全局管理员。 I already made a successful login to the azure account, but not yet to the server. 我已经成功登录了azure帐户,但尚未登录服务器。 I already installed kubectl CLI in the machine. 我已经在机器上安装了kubectl CLI。 Now I need to access the cluster. 现在,我需要访问集群。
I have .kube/config , .ssh/id_rsa and .ssh/id_rsa.pub inside my C:\\Users\\Administrator folder. 我的C:\\ Users \\ Administrator文件夹中有.kube / config , .ssh / id_rsa和.ssh / id_rsa.pub 。 I have tried the ssh -i ~/.ssh/id_rsa kubectluser@ourDNSname and I was able to access it. 我已经尝试过ssh -i ~/.ssh/id_rsa kubectluser@ourDNSname并且可以访问它。 So my private key is good. 所以我的私钥很好。 But, I don't want to work inside the VM. 但是,我不想在VM内部工作。 My working directory is supposed to be inside the WinServer2016 machine. 我的工作目录应该在WinServer2016计算机中。 I should be able to kubectl get nodes and it must return me a table of the 3 VMs. 我应该能够kubectl get nodes并且它必须向我返回3个VM的表。
This is what happens though (AGAIN, the ssh to VM works, I can do the kubectl commands w/o problem inside the VM) 不过,这就是发生的情况(再次,VM的ssh可以正常工作,我可以在虚拟机内部执行kubectl命令而不会出现问题)
az acs kubernetes get-credentials --resource-group=myRGroup --name=myClusterName
returns 退货
Authentication failed. Traceback (most recent call last): File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\main.py", line 36, in main cmd_result = APPLICATION.execute(args) File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\application.py", line 216, in execute result = expanded_arg.func(params) File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 377, in __call__ return self.handler(*args, **kwargs) File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 620, in _execute_command reraise(*sys.exc_info()) File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\six.py", line 693, in reraise raise value File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 602, in _execute_command result = op(client, **kwargs) if client else op(**kwargs) File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 776, in k8s_get_credentials _k8s_get_credentials_internal(name, acs_info, path, ssh_key_file) File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 797, in _k8s_get_credentials_internal '.kube/config', path_candidate, key_filename=ssh_key_file) File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\acs_client.py", line 72, in secure_copy ssh.connect(host, username=user, pkey=pkey, sock=proxy) File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\paramiko\client.py", line 416, in connect look_for_keys, gss_auth, gss_kex, gss_deleg_creds, t.gss_host, File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\paramiko\client.py", line 701, in _auth raise saved_exception File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\paramiko\client.py", line 678, in _auth self._transport.auth_publickey(username, key)) File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\paramiko\transport.py", line 1447, in auth_publickey return self.auth_handler.wait_for_response(my_event) File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\paramiko\auth_handler.py", line 223, in wait_for_response raise e paramiko.ssh_exception.AuthenticationException: Authentication failed.
kubectl get nodes
returns 退货
You must be logged in to the server
I can't use kubectl create or kubectl set image deployment because of this. 因此,我不能使用kubectl create或kubectl set image deployment 。
What do I need to do? 我需要做什么? What information do I need from the person and machine who/which created the cluster? 我需要创建集群的人员和机器的哪些信息?
Edit: 编辑:
1 个解决方案
解决方案1
0 2017-12-07 01:51:51
I have .kube/config, .ssh/id_rsa and .ssh/id_rsa.pub inside my C:\\Users\\Administrator folder.
The default path to an SSH key file is ~\\.ssh\\id_rsa , in Windows, we should specify the path, like this: SSH密钥文件的默认路径是~\\.ssh\\id_rsa ,在Windows中,我们应该指定路径,如下所示:
C:\Users\jason\.ssh>az acs kubernetes get-credentials --resource-group=jasonk8s --name jasonk8s --ssh-key-file C:\Users\jason\.ssh\k8s
Merged "jasontest321mgmt" as current context in C:\Users\jason\.kube\config
C:\Users\jason\.ssh>kubectl.exe get nodes
NAME STATUS ROLES AGE VERSION
k8s-agent-c99b4149-0 Ready agent 7m v1.7.7
k8s-master-c99b4149-0 Ready master 8m v1.7.7
In your scenario, please try to use this script to get credentials: 在您的情况下,请尝试使用此脚本获取凭据:
az acs kubernetes get-credentials --resource-group=myRGroup --name=myClusterName --ssh-key-file C:\Users\Administrator\.ssh\id_rsa
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.